Google's Project Zero security researchers have uncovered a potentially massive compromise of iPhone user data. The researchers described the modus operandi of this malware, which has been active since at least 2016. Compromised websites were installing malware on the iPhones of their visitors and gathering a wealth of data. Among the data collected were real-time geolocation, contact lists and addresses, and even mail data.
The researchers found that the attack technique was adapted in the wake of each major iOS update. It evolved between iOS 10 and iOS 12, changing its approach each time. In total, the Google teams identified 14 different vulnerabilities. Half of them directly hit Safari, the default browser on the iPhone. Five other vulnerabilities lay in the core of the system, while the last two targeted the sandbox that separates applications from the system. The researchers also state that the last flaw was only discovered in February 2019. Apple fixed it 6 days later in version 12.1.4.
Many potential victims
The list of the compromised websites that injected the malware into iPhones has not been released. Project Zero's blog post does indicate, however, that these sites "received thousands of visits a week", a relatively high number of potential victims. One of the team members, Ian Beer, installed the malware on an iPhone himself to observe the damage it could cause. He noted that data from messaging applications such as WhatsApp, Telegram, Messages or Outlook could be retrieved. The data also allowed real-time geolocated tracking of the infected iPhone.
Fortunately, simply restarting a hacked iPhone renders the malware inoperative. However, between its arrival on the device and the device's next restart, the malware had the opportunity to gather a great deal of information. In his blog post, Ian Beer directly blames the Apple teams. He states that the flaws in question were made possible by buggy, poorly controlled code.